Reputation: 6973
I have a multi-tier application which is using 2 .NET Core ASP.NET tiers.
The Tier 01 is using NTLM, so when the User opens the Browser, ASP.NET Core loads the React SPA and from ASP.NET Core I can get the IPrincipal of the current Windows User. The Back-end, unfortunately, is always running in the context of the App Pool service account.
In this scenario, what would be the correct way, from React, to call the Back-end using the Windows Account which is running the application? Is there a way to generate a Token, like OAuth, in the Front-end .NET Core host and then pass it to the Back-end?
Note
I do have an architectural requirement: I can't use Username and Password, and I can't use Basic Authentication. The Front-end must open using NTLM and display the current Windows Account (this part is working).
Upvotes: 3
Views: 3922
Reputation: 712
I think you can use the approach mentioned in the link below. In tier 01, create an API endpoint that requires Windows Authentication. Get user info from the identity and generate a token.
Use Windows Authentication with OAuth 2.0
For token generation, let's use IdentityServer. Generate access token with IdentityServer4 without password
Upvotes: 2
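One way to implement the tier 01 endpoint this answer describes, as an added example that is not code from the answer or its linked posts: it issues a hand-built RS256 JWT instead of using IdentityServer. The issuer, audience, route, configuration key and the `BackEndValidation` helper are assumed names, and the Negotiate and System.IdentityModel.Tokens.Jwt packages are assumed to be referenced.

```csharp
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.IdentityModel.Tokens;

const string Issuer = "https://tier01.example.internal"; // assumed name
const string Audience = "tier02-api";                     // assumed name

var builder = WebApplication.CreateBuilder(args);
// Windows Authentication on tier 01; Negotiate covers Kerberos with NTLM fallback.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
builder.Services.AddAuthorization();

// Tier 01 holds the RSA private key; tier 02 only ever receives the public half.
using var rsa = RSA.Create();
rsa.ImportFromPem(File.ReadAllText(builder.Configuration["TokenSigning:PrivateKeyPath"]!));
var credentials = new SigningCredentials(new RsaSecurityKey(rsa), SecurityAlgorithms.RsaSha256);

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Reachable only after the Windows handshake, so `user` is the browser's Windows account.
app.MapGet("/api/token", (ClaimsPrincipal user) =>
{
    var now = DateTime.UtcNow;
    var jwt = new JwtSecurityToken(
        issuer: Issuer,
        audience: Audience,
        claims: new[]
        {
            new Claim(JwtRegisteredClaimNames.Sub, user.Identity!.Name!), // DOMAIN\user
            new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
        },
        notBefore: now,
        expires: now.AddMinutes(5), // short-lived; the SPA simply requests a new one
        signingCredentials: credentials);
    return Results.Ok(new { access_token = new JwtSecurityTokenHandler().WriteToken(jwt) });
}).RequireAuthorization();

app.Run();

// Belongs in tier 02: the settings its JWT bearer authentication should enforce.
TokenValidationParameters BackEndValidation(SecurityKey tier01PublicKey) => new()
{
    ValidIssuer = Issuer, ValidAudience = Audience, IssuerSigningKey = tier01PublicKey,
    ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 }, // pin the algorithm
    ClockSkew = TimeSpan.FromSeconds(30), // default skew is 5 minutes, as long as the token
};
```

The React SPA fetches `/api/token` with `credentials: "include"` so the browser performs the Windows handshake, then sends the result to the back-end as an `Authorization: Bearer` header. The back-end keeps running as the App Pool account and makes its authorization decisions from the validated `sub` claim.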